RADIUS User Authentication and Login PW Change

We are deploying a WPA2 Enterprise RADIUS network; authentication is with users' AD credentials. I've used a configuration profile for a login window network. It works great for users to log into a computer for the first time; it authenticates the network and AD for login just fine. Though if I have a user flagged for a password change in AD, they can't authenticate against the network and therefore can't log in, nor can they update their password.

Anyone deal with this and hopefully have a solution?